CVE-2021-27811

Published: May 21, 2021Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able execute arbitrary PHP code via exploitation of client_upgrade_edition.php and Upgrade.php.

Affected (1)

Products: Qibosoft: Qibosoft

Qibosoft

1 product

Qibosoft

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qibosoft Qibosoft	Version 1.0

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

https://github.com/whiskey-jj/w2s2x2222.github.io/issues/2

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://www.cnvd.org.cn/flaw/show/2297879

Source: cve@mitre.org

Third Party Advisory

https://github.com/whiskey-jj/w2s2x2222.github.io/issues/2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://www.cnvd.org.cn/flaw/show/2297879

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.